ID de Prueba:	1.3.6.1.4.1.25623.1.0.806882
Categoría:	Web application abuses
Título:	WebSVN <= 2.3.3 XSS Vulnerability
Resumen:	WebSVN is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: WebSVN is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to improper validation of the 'path' parameter in 'log.php', 'revision.php', 'listing.php' and 'comp.php'. Vulnerability Impact: Successful exploitation may allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: WebSVN version 2.3.3 and prior. Solution: As a workaround make the changes in the file 'include/setup.php' as mentioned in the advisory at the references. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2511 Debian Security Information: DSA-3490 (Google Search) http://www.debian.org/security/2016/dsa-3490 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html http://seclists.org/fulldisclosure/2016/Feb/99 http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1236 Debian Security Information: DSA-3572 (Google Search) http://www.debian.org/security/2016/dsa-3572 http://www.openwall.com/lists/oss-security/2016/05/05/22
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.